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Abstract 

Existing compact routing schemes, e.g., Thorup and Zwick [SPAA 2001] and Chechik [PODC 2013], 
often have no means to tolerate failures, once the system has been setup and started. This paper presents, 
to our knowledge, the first self-healing compact routing scheme. Besides, our schemes are developed for 
low memory nodes, i.e., nodes need only 0(log 2 n) memory, and are thus, compact schemes. 

We introduce two algorithms of independent interest: The first is CompactFT , a novel compact 
version (using only O(logn) local memory) of the self-healing algorithm Forgiving Tree of Hayes et al. 
[PODC 2008]. The second algorithm ( CompactFTZ) combines CompactFT with Thorup-Zwick’s tree- 
based compact routing scheme [SPAA 2001] to produce a fully compact self-healing routing scheme. In 
the self-healing model, the adversary deletes nodes one at a time with the affected nodes self-healing 
locally by adding few edges. CompactFT recovers from each attack in only 0(1) time and A messages, 
with only +3 degree increase and 0(log A) graph diameter increase, over any sequence of deletions (A is 
the initial maximum degree). 

Additionally, CompactFTZ guarantees delivery of a packet sent from sender s as long as the receiver 
t has not been deleted, with only an additional 0(y log A) latency, where y is the number of nodes that 
have been deleted on the path between s and t. If t has been deleted, s gets informed and the packet 
removed from the network. 


1 Introduction 

Efficient routing is becoming critical in current networks, and more so in future networks. Routing protocols 
have been the focus of intensive research over the years. Routing is based on information carried by the 
traveling packets and data structures that are maintained at the intermediate nodes. The efficiency param¬ 
eters change from time to time, as the network use develops and new bottlenecks are identified. It is clear 
that the size of the network eliminates the ability to use any centralized decisions, and we are close to giving 
up on maintaining long distance routing decisions. We are a few years before a full scale deployment of IOT 
(Internet of Things) that will introduce billions of very weak devices that need to be routed. The size of the 
network and the dynamic structure that will evolve will force focusing on local decisions. The weakness of 
future devices and the size of the network will push for the use of protocols that do not require maintaining 
huge routing tables. 

Santoro and Khatib 44l . Peleg and Upfal [40] . and Cowen [13 ] pioneered the concept of compact routing 
that requires only a minimal storage at each node. Moreover, the use of such routing protocols imposes only 
a constant factor increase on the length of the routing. Several papers followed up with some improvements 
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on the schemes (cf. Thorup and Zwick [45] . Fraigniaud and Gavoille |20], and Chechik ef These efficient 
routing schemes remain stable as long as there are no changes to the network. 

The target of the current paper is to introduce an efficient compact scheme that combines compact 
routing with the ability to correct the local data structure stored at each node in a response to the change. 
Throughout this paper, when we say compact, we imply schemes that use o(n) local memory (in our case, we 
actually only use 0( log 2 n) local memory) per node. Our new scheme has similar cost as previous compact 
routing schemes. We will focus on node failures, since that is more challenging to handle. 

Our algorithms work in the bounded memory self-healing model (Section ED- We assume that the 
network is initially a connected graph over n nodes. All nodes are involved in a preprocessing stage in which 
the nodes identify edges to be included in building a spanning tree over the network and construct their local 
data structures. The adversary repeatedly attacks the network. The adversary knows the network topology 
and the algorithms, and has the ability to delete arbitrary nodes from the network. To enforce a bound on 
the rate of changes, it is assumed the adversary is constrained in that it deletes one node at a time, and 
between two consecutive deletions, nodes in the neighbourhood of the deleted node can exchange messages 
with their immediate neighbours and can also request for additional edges to be added between themselves. 


Our self-healing algorithm CompactFT ensures recovery from each attack in only a constant time and 
A messages, while, over any sequence of deletions, taking only constant additive degree increase (of 3) and 
keeping the diameter as 0(D log A), where D is the diameter of the initial graph and A the maximum degree 
of the initial spanning tree built on the graph. Moreover, CompactFT needs only O(logn) local memory 
(where n is the number of nodes originally in the network). Theorem 3.1 states the results formally. 

CompactFTZ, our compact routing algorithm, is based on the compact routing scheme on trees by Thorup 
and Zwick [45] . and ensures routing between any pair of existing nodes in our self-healing tree without loss 
of any message packet whose target is still connected. Moreover, the source will be informed if the receiver 
is lost, and if both the sender and receiver have been lost, the message will be discarded from the system 
within at most twice of the routing time. Our algorithm guarantees that after any sequence of deletions, a 
packet from s to t is routed through a path of length 0(d(s,t) log A), where d(s,t) is the distance between 
s and £, and A is the maximum degree of any node in the initial tree. Though CompactFTZ uses only 
log n local memory, the routing labels (and, hence, the mess ages ) are of 0(log 2 n) size, so nodes may need 


0( log n) memory to locally process the messages. Theorem 4.2 states the results formally. 


A few modifications are needed to [45] to achieve our compact fault-tolerant scheme. We have to ensure 
that the packets are routed despite the deletions, subsequent self-healing, and, thus, loss and obsolescence of 
some information, i.e., we would like to continue without updating outdated routing tables and labels. This 
is partly achieved by using a post-order DFS labelling that allows the self-healing nodes to do routing using 
just simple binary search in the affected areas (|45 uses pre-order DFS labels). Other modifications to the 
algorithm and labels modify the routing according to the self-healing state of the nodes, ensure packets are 
not lost while self-healing and allow undelivered packets to dead targets to be returned to alive senders. 


Algorithm 


Over Complete Run 

Per Healing Phase 


Local 

Diameter 

Degree 

Parallel 

Msg 

# Msges 


Memory 

(Orig: D) 

(Orig: d) 

Repair Time 

Size 


Forgiving Tree 126] 

0(n) 

D log At 

d T 3 

0(1) 

0(log n) 

0(1) 

CompactFT (this paper) 

O(logn) 

D log At 

d + 3 

0(1) 

O(logn) 

0 ( 5 )* 


t A: Highest degree of network. 

* S : Highest degree of a node involved in repair (at the most A). 


Table 1: Comparison of CompactFT with Forgiving Tree 


Related Work CompactFT uses ideas from the Forgiving Tree (26] (FT, in short) approach in order to 
improve compact routing. The main improvement of CompactFT is that no node uses more than O (log n) 
local memory and thus, CompactFT is compact. CompactFT achieves the same bounds and healing invari- 
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ants as FT, however, taking slightly more messages (at most 0(A) messages as opposed to 0(1) in FT) in 
certain rounds. Table [l] compares both algorithms. 

Several papers have studied the routing problem in arbitrary networks (e.g. mu mu]) and with the 
help of geographic information (e.g. but without failures. These papers are interested in the 

trade-off between the size of the routing tables and the stretch of the scheme: the worst case ratio between 
the length of the path obtained by the routing scheme and the length of the shortest path between the source 
and the destination. Here we are mainly interested in preserving compactness under the presence of failures. 

An interesting line of research deals with labelling schemes. m presents labelling schemes for weighted 
dynamic trees where node weights can change. However, it does not deal with node deletions nor does it 
claim to deal with routing. In [31], Korman et al. present a compact distributed labelling scheme in the 
dynamic tree model: (1) the network is a tree, (2) nodes are deleted/added one at a time, (3) the root is 
never deleted and (4) only leaves can be added/deleted. In a labelling scheme, each node has a label and from 
every two labels, the distance between the corresponding nodes can be easily computed. The fault-tolerant 
labelling scheme is obtained by modifying any static scheme. Using the previous, they get fault-tolerant (in 
the same model) compact versions of the compact tree routing schemes of [21] 20 . [45]. These schemes have a 
multiplicative overhead factor of Q(log n) on the label sizes of the static schemes. In 128 , Korman improves 
the results in ED, presenting a labelling scheme in the same model that allows to compute any function on 
pairs of vertices with smaller labels, at the cost, in some cases, of communication. Our work differs from the 
previous in the sense that though we use a spanning tree of the network, our network can be arbitrary and 
any node can be deleted by the adversary. 

There have been numerous papers that discuss strategies for adding additional capacity and rerouting 
in anticipation of failures nni m ki nzi ns usi nzi ezi szi ehi ns- In each of these solutions, the network 
is fixed and either redundant information is precomputed or routing tables are updated when a failure 
is detected. In contrast, our algorithm runs in a dynamic setting where edges are added to the network 
as node failures occur, maintaining connectivity and preserving compactness at all time. Our bounded 
memory self-healing model builds upon the model introduced in ESI- a variety of self-healing topology 
maintenance algorithms have been devised in the self-healing models |SBJ |39j [25] [46] 03] . Our paper moves 
in the direction of self-healing computation/routing along with topology which is attempted in other papers 
e.g. @2] (though in a different model). Finally, dynamic network topoplogy and fault tolerance are core 
concerns of distributed computing [I] US] and various models, e.g., [33] . and topology maintenance and 

Self-* algorithms abound 

1.1 Bounded Memory Self-healing Model 

Let G = Go be an arbitrary connected (for simplicity) graph on n nodes, which represent processors in a 
distributed network. Each node has a unique ID. Initially, each node only knows its neighbors in Go, and 
is unaware of the structure of the rest of Go- 

We allow a certain amount of pre-processing to be done before the adversary is allowed to delete nodes. In 
the pre-processing stage nodes exchange messages with their neighbors and setup data structures as required. 

The adversarial process can be described as deleting some node v t from G t - 1 , forming H t . All neighbors 
of v t are informed of the deletion. In the healing stage nodes of H t communicate (concurrently) with their 
immediate neighbors. Nodes may insert edges joining them to other nodes they know about, as desired. 
Nodes may also drop edges from previous phases if no longer required. The resulting graph at the end of 
this phase is Gt- Nodes are not explicitly informed when the healing stage ends. We make no synchronicity 
assumption except that all messages after the deletion of a node, i.e., in a healing phase, are safely received 
and processed before the adversary deletes the next node. 

The objective is minimizing the following “complexity” measures (excluding the preprocessing stage): 

• Degree increase: max t<n max v (deg(^, G t ) — deg(t>, Go)) 

• Diameter stretch: maxt< n Dia(Gt)/Dia(Go) 

• Communication: The maximum number of bits sent by a single node in each recovery phase 
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• Recovery time: The maximum total time for a recovery phase, assuming it takes a message no more 
than 1 time unit to traverse any edge 

• Local Memory: The amount of memory a single node needs to maintain to run the algorithm. 

1.2 Compact Routing Model 

The algorithm is allowed a pre-processing phase, e.g., to run a distributed DFS on the graph. Each message 
has a label which may contain the node ID and other information derived from the pre-processing phase. 
Every node stores some local information for routing. The routing algorithm does not change the original 
port assignment at any node (however, node deletions may force the self-healing algorithm to do simple port 
re-assignments). We are interested in minimizing the sizes of the label and the local information at each 
node. 


2 The Algorithms: High Level 

As stated, CompactFT (Algorithm is an adaptation of FT [26] for low memory (O(logn)) nodes). 
CompactFTZ (Algorithm |4.2| ) then conducts reliable routing over CompactFT. At a high level, the following 
happens: 

• Preprocessing: A BFS spanning tree To of graph Go is derived followed by DFS traversal and labelling 
and careful setup of CompactFT and CompactFTZ fields (Tables [2] and [4|. For CompactFT, every 
node sets up and distributes a Will (Section [3]), which is the blueprint of edges and virtual (helper) 
nodes to be constructed upon the node’s deletion. 

• After each deletion, the repair maintains the spanning tree of helper and real (original) nodes, i.e., the 
i th deletion (say, of node vf) and subsequent repair yields tree T{. The helper nodes are simulated by 
the real nodes and only a real node can be deleted. The two main cases are as follows: 

- non-leaf deletion, i.e., Vi is not a leaf in T^_i (Section ED : The neighbours of ‘execute’ vfs will 
leading vi to be replaced by a reconstruction tree (RT(t^)) which is a balanced binary search tree ( BBST ) 
having ^’s neighbours as the leaves and helper nodes as the internal nodes simulated by vfs neighbours 
(Figure [TJ. 

- leaf deletion, i.e., is a leaf in T^_i (Section |3.2| ): This case is more complicated in the low memory 
setting since a node (in particular, vfs parent p) cannot store the list of its children nor recompute 
its Will. If p was dead, v^s siblings essentially deletes a redundant helper node while maintaining the 
structure. If p is alive, no new edges are made but p orchestrates a distributed update of its will while 
being oblivious of the identity of its children. Thus, when p is eventually deleted, the right structure 
gets put in place. 

• Routing: Independent of the self-healing, a node s may send a message to node r (along with s’s own 
label) using the CompactFTZ protocol. The label on the message (for r) along with the local routing 
fields at a real node tells the next node, say w, on the path. If, however, w had been deleted earlier, 
there could be a helper node on that port which is part of RT(re). Now, the message would be routed 
using the fact that the RT(re) is a BBST and make it to the right node at the end of KT(w). The 
message eventually reaches r, but if r is dead, the message is ‘returned to sender’ using s’s label. 

3 CompactFT: Detailed Description 

In this section, we describe CompactFT. CompactFT maintains connectivity in an initially connected 
network with only a total constant degree increase per node and 0(log A) factor diameter increase over any 
sequence of attacks while using only O(logn) local memory (where n is the number of nodes originally in 
the network). The formal theorem statement is given in Theorem |3.1| 
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Figure 1: Deleted node v replaced by Reconstruction Tree (RT(u)). Nodes in oval are virtual helper nodes. 
The circles are regular helper nodes and the rectangle is ‘heir’ helper node. The ‘Will’ of v is RT(u), i.e., 
the structure that replaces the deleted v. 


Current fields 

Fields having information about a node’s current neighbors 

parent(v) 

Parent of v 

parentport(v) 

Port at which parent(v ) is attached 

numchildren(v) 

Number of children of v 

maxportnumber(v) 

Maximum port number used by v 

heir(v) ,<heir(v)> 

The heir of v and its port 

Helper fields 

Fields for a helper node v may be simulating. (Empty if none) 

hparent(v) 

Parent of the helper node v simulates 

hchildren(v) 

Children of helper node v simulates. 

Reconstruction fields / Will- 

Fields used by v to reconstruct its connections when its neighbor 

Portion /LeafWillPortion 

is deleted. 

nextparent(v) 

Node which will be next Parent (v) 

nexthparent(v) 

Node which will be next hparent (v) 

nexthchildren(v) 

Node(s) that will be next hchildren(u) 

Flags 

Boolean fields telling node’s status. 

hashelper(v) 

True if v is simulating a helper node 


Table 2: The fields maintained by a node v for Compact FT. Each reference to a sibling is tagged with 
the port number at which it is attached to parent (not shown above for clarity) e.g. nextparent(v ) is 
nextparent{v ), <nextparent(v )>. 


Message 

Description 

BrLeafLost (<x>) 

Node v broadcasts, informing that 

the leaf node at u’s port <x> has been deleted. 

BrNodeReplace 
((x, <x>), (h, <x>)) 

Node v broadcasts, asking receivers to replace (in their 
willportions ) at u’s port <x>, node x with node h. 

PtWillConnection 

((y, <y>),(z,<z>)) 

Node v asks receivers (in their v. Willportion) to make an edge 
between node y and node z 

PtNewLeafWill (G/, <2/>), 

(z,<z>),W(y)) 

Node v informs node z that it is the new LcafHcirfy) and gives 
it W(y) (= LeafWill(y)). 


Table 3: Messages used by Compact FT (sent by a node v). 


As stated, in CompactFT, a deleted node is replaced by a RT formed by (virtual) helper nodes simulated 
by its children (siblings in case of a leaf deletion) (Figure [l]). This healing is carried out by a mechanism of 
wills: 

Will Mechanism: A Will(u) is the set of actions, i.e., the subgraph to be constructed on the deletion of 
node v. When v is a non-leaf node, this is essentially the encoding of the structure RT(u) and is distributed 
among u’s children. Each part of a node’s Will stored with another node is called a Willportion. We denote 
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nextparent=c 
^ \ nexthparent=p 
^ \jnexthchildren=b 


Figure 2: The network of a node u, u’s Will = RT(u) and Willportions for its children a and d. 


Willportion(p, v) to be the part of Will(p) that involves u, i.e., the relevant subgraph, and is stored by node 
v. When v is a leaf node, however, Will(u) differs in not being a RT(u) and is stored with siblings of v. For 
clarity, we call this kind of Will a LeafWill, the Willportions as LeafWillportions and a leaf node’s heir as 
LeafHeir. Thus, a Will of a node is distributed among the node’s neighbours such that the union of those 
Willportions makes the whole Will. Note that a Willportion (or LeafWillportion) is of only constant size (in 
number of node IDs). Figure [ 2 ] shows the Will of a node v and the corresponding Willportions. 

The fields used by a node for executing CompactFT are given in Table [2j Unlike FT, the node cannot 
have either the list of its children or its own RT (since these can be as large as 0{n )). Rather, a node v will 
store the number of its children (numchildren(v)) , highest port number in use ( maxportnumber ) and will 
store every node reference in the form (nodelD , port) , e.g., in Willportion(p, n), a reference to a node x will 
be stored as ( x , <x>), where <x> is the port of p at which x is connected. 


Algorithm |3 .1 1 gives a high level overview of CompactFT. Algorithms 5.1 through |5.4| (in the appendix) 
give a more detailed technical description of the algorithm. Also, Table [3 describes some of the special 
messages used by CompactFT. CompactFT begins with a preprocessing phase (Algo |3.1| line [T]) in which 
a rooted BFS spanning tree of the network from an arbitrary node is computed. The algorithm will then 
maintain this tree in a self-healing manner. Each node sets up the CompactFT data structures including its 
Will. We do not count the resources involved in the preprocessing but note that at the end of that phase 
all the CompactFT data structures are contained within the O(logn) memory of a node. As stated, the 
basic operation is to replace a (non-leaf) node by a RT. A leaf deletion, however, leads to a reduction in the 
number of nodes in the system and the structure is then maintained by a combination of a ‘short circuiting’ 
operation and a helper node reassignment (this is also encoded in the leaf node’s LeafWill and is discussed 
later). An essential invariant of CompactFT is that a real node simulates at most one helper node and 
since each helper node is a node of a binary tree, the degree increase of any node is restricted to at most 3. 
Similarly, since RTs are balanced binary trees, distances and, hence, the diameter of the CompactFT, blows 
up by at most a log A factor, where A is the degree of the highest node (ref: Theorem 3.1). In the following 
description, we sometimes refer to a node v as Real(u) if it is real, or helper(u) if it is a helper node, or by 
just v if it is obvious from the context. 


3.1 Deletion of a Non-Leaf Node: 

Assume that a node x is deleted. If x was not a leaf node (Algorithm |5.2| Algorithm |3.1| lines HtHf it’s 
neighbours simply execute x’s Will. One of x’s children (by default the rightmost child) is a special child 
called the Heir (say, h) and it takes over any virtual node (i.e., helper (x)) that x may have been simulating, 
otherwise it is the one that connects the rest of the RT to the parent of x (say, p). This past action may 
lead to changes in the Wills of other live nodes. In particular, p will have to tell its children to replace x by 
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Algorithm 3.1 CompactFT(Graph G): High level view 
l: Preprocessing and INIT: A rooted BFS spanning tree T(V,E') of G(V,E) is computed. For every node 
v, its Will (non-leaf or leaf as appropriate) is computed. Every node x in a Will is labeled as (x, <x>), 
where x is x’s ID and <x> is x’s parent’s port number at which x is connected (if it exists). Each node 
only has a Willportion and/or LeafWillportions (O(logn) sized portion of parent’s or sibling’s Will, 
respectively). 

2: while true do 

3: if a vertex x is deleted then 

4: if x was not a leaf (i.e., had any children) then // Fix non leaf deletion. 

5: x’s children execute x’s Will using x’s Willportions they have; Heir(x) takes over x’s Will/duties. 

6: All Affected Wills (i.e. neighbours of x and of helper (x)) are updated by simple update of relevant 

Willportions. 

7: else //Fix leaf deletion. 

8: Let node p (if it exists) be node x’s parent // If p does not exist, x was the only node in the 

network, so nothing to do 

9: if p is real/alive then // Update Wills by simulating the deletion of p and x 

10: if x was p’s only child then 

ll: p computes its LeafHeir and LeafWill and forwards it. // p has become a leaf 

12: else 

13: p informs all children about x’s deletion. 

14: p’s children update p’s Willportions using x’s LeafWillportions. 

15: Children issue updates to p’s Willportions and other LeafWillportions via p. 

16: p forwards updates via broadcast or point-to-point messages, as required. 

17: p’s neighbours receiving these messages update their data structures. 

18: end if 

19: else // p had already been deleted earlier. 

20: Let y be x’s LeafHeir. 

21: y executes x’s Will. 

22: Affected nodes update their and their neighbour’s Willportions. 

23: end if 

24: end if 

25: if x was node z’s LeafHeir then 

26: z sets a new neighbour as LeafHeir following a simple rule. 

27: end if 

28: end if 

29: end while 


h in p’s Will. Due to the limited memory, p does not know the identity of x. However, when h contacts p, it 
will inform p that x has been deleted and p will broadcast a message BrNodeReplace((x, < x >), (h, < x >)) 
asking all neighbours to replace x by h in their Willportions at the same port (Algorithm |5.2| and Table [3]). 

3.2 Deletion of a Leaf Node: 

If the deleted node x was, in fact, a leaf node, the situation is more involved. There are two cases to consider: 
whether the parent p of x is a helper node (implying the original parent had been deleted earlier) or a real 
node. The second case, though trivial in FT (with 0{n ) memory) is challenging in CompactFT. Before we 
discuss the cases, we introduce the ‘short-circuiting’ operation used during leaf deletion: 

bypass(x): (from [26]) Precondition : |hchildren(x)| = 1, i.e., the helper node has a single child. 

Operation : Delete helper (x), i.e., Parent of helper (x) and child of helper (x) remove their edges with 
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w y z 


(a) helper (v) is the parent of v. 




(b) helper(«;) is not the parent of w. 

Figure 3: Deletion of a leaf node whose parent is a helper node: two cases. 


helper(x) and make a new edge between themselves. 
hparent(x) EMPTY ; hchildren(x) <— EMPTY. 


1. Parent p of x is a helper node 

If p is a helper node, this implies that the original parent of x (in Go) had been deleted at some stage 
and x has exactly one helper node in one of the RTs in the tree above. Since x has been deleted, p has 
only one child now and Bypass(p) can now be executed. There are two further cases: 


(a) helper (x) is parent of x (Figure \3(a)\) : In this case, the only thing that needs to be done is 
Bypass (x) since this bypasses the deleted nodes and restores connectivity. However, the issue is 
that helper(x) has already been deleted, so how is Bypass(x) to be executed? For this, we use 
the mechanism of a LeafWill. Assume helper(x) had two children, x and y. When x sets up 
its LeafWill (which consists only of Bypass(x)), it designates y as its LeafHeir and sends it its 
LeafWill. In Figure 3(a), the LeafHeir of node v is w and the LeafWill(u) consists of the operation 
Bypass(u). 

(b) helper(x) is not the parent of x (Figure \3(b)\ ): Let p be the parent of the deleted node x. Since 
p now has only one child left, it will have to be short-circuited by Bypass(p). However, the node 
helper (x) has also been lost. Therefore, if we don’t fix that, we will disconnect the neighbours of 
helper (x). However, since p has been bypassed, Real(p) is not simulating a helper node anymore 
and, thus, Real(p) will take over the slot of helper(x) by making edges between its ex-neighbours. 
In this case, x simply designates p as its LeafHeir and leaves LeafWill(x) (which is of only O(logn) 
size) with p. In Figure |3(b)| node w is deleted, its parent and LeafHeir is helper(u) and, thus, 
when w is deleted, following LeafWill^), Bypass(u) is executed and v takes over helper(u;). 


The only situation left to be discussed is when x was a LeafHeir of another node. In this case, the 
algorithm follows the rules apparent from the cases before. Let v be the node that had x as its LeafHeir. 
Assume that after healing, p is the parent of Real(u) and assume for now that p is a helper node (the 
real node case is discussed later). Then, if p is helper (v), v makes the other child of p (i.e., u’s sibling) 
as u’s LeafHeir, otherwise v sets p as its LeafHeir and hands its Will over to the LeafHeir. 


2. Parent p of x is a real node 
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This case is trivial in FT as all that p needs to do is remove x from the list of its children (children(p) 
in FT), recompute its Will and distribute it to all its children. However, in CompactFT, p cannot 
store the list of its children and thus, update its Will. Therefore, we have to find a way for the Will 
to be updated in a distributed manner while still taking only a constant number of rounds. This is 
accomplished by using the facts that the Willportions are already distributed pieces of p’s Will and 
each leaf deletion affects only a constant number of other nodes allowing us to update the Willportions 
locally using Algorithm |5.4| Notice that since p is real, nodes cannot really execute x’s Will as in 
case [l] However, Will(p) is essentially the blueprint of RT(p). Hence, what p and its neighbours do 
is execute Will(x) on Will(p): this has the effect of updating Will(x) to its correct state and when 
ultimately p is deleted, the right structure is in place. 

This ‘simulation’ is done in the following manner: p detects the failure of x and informs all its neighbours 
by a BrLeafLost(<x>) message (Table[3|. The node that is LeafHeir (x), say v, will now simulate execu¬ 
tion of LeafWill(x). As discussed in Case[l] a LeafWill has two parts: a Bypass operation and a possible 
helper node takeover by another node. Suppose the Bypass operation is supposed to make an edge be¬ 
tween nodes a and b. Node v simulates this by asking p to send a PtWillConnection((a, <a>), (6, <b>)) 
message to its ports <a> and <b>. This has the effect of node a and b making the appropriate edge in 
their Willportion(p). Similarly, for the node take over of helper(x), v asks p to send PtWillConnection 
messages to make edges (in Willportions) between the node taking over and the previous neighbours 
of helper (x) in Will(p). 

Another case is when x was the LeafHeir of another node, say w. Since LeafHeir (a;) has already done 
the healing, the Willportions are now updated and it is easy for w to find another LeafHeir. This 
is straightforward as per our previous discussion. The new LeafHeir will either be Real(rc)’s Parent 
or (if Parent (re) = helper (re)) Parent (w) ’s other child. Notice this information is already present in 
Willportion(p, w). The new LeafWill(rc) is also straightforward to calculate. As stated earlier, every 
LeafWill has a Bypass and/or a node takeover operation. All the nodes involved are neighbours of 
w in Willportion(p, w). Therefore, this information is also available with w enabling it to reconstruct 
its new LeafWill which it then sends to the new LeafHeir via p using the PtNewLeafWill() message 
(Table [3]). Finally, there is a special case: 

• x was the only child of (real) parent p: 

Finally, there is also the possibility of node x being the only child of its parent p in which case p 
will become a leaf itself on x’s deletion. Node p can only be a Real node (a helper node cannot 
have one child) and since x does not have any sibling, x will not have any LeafHeir or LeafWill 
(rather, these fields will be set to NULL). Thus, when x will be deleted, there will be no new edges 
added. However, p will detect that it has become a leaf node and using p’s parent’s Willportion, 
it will designate a new LeafHeir, compute a new LeafWill (as discussed previously) and send it 
to its LeafHeir by messages (if p’s parent is Real) or directly. 


Theorem 3.1 (proof deferred to Section [ 5 ]) summarises the properties of CompactFT. 


Theorem 3.1. The CompactFT has the following properties: 


1. CompactFT increases degree of any vertex by only 3. 

2. CompactFT always has diameter 0(D log A), where D is the diameter and A the maximum degree of 
the initial graph. 

3. Each node in CompactFT uses only O(logn) local memory for the algorithm. 

4 . The latency per deletion is 0(1) and the number of messages sent per node per deletion is 0(A); each 
message contains 0(1) node IDs and thus O(logn) bits. 
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4 A Compact Self Healing Routing Scheme 


In this section, we present a fault tolerant / self-healing routing scheme. First, we present a variant of the 
compact routing scheme on trees of Thorup and Zwick [45] (which we refer to as TZ in what follows), and 
then we make this algorithm fault-tolerant in the self-healing model using CompactFT (Section [3]). We call 
the resulting scheme CompactFTZ. 


4.1 Compact Routing on Trees 


We present a variant of TZ that mainly differs in the order of DFS labelling of nodes. The local fields of each 
node are changed accordingly. This variant allows us to route even in the presence of adversarial deletions 
on nodes when combined with CompactFT (Lemma 4.1). 

Let T be a tree rooted at a node r. Consider a constant b > 2. The weight s v of a node v is the number 
of its descendants, including v. A child u of v is heavy if s u > s v /b , and light otherwise. Hence, v has at 
most b — 1 heavy children. By definition, r is heavy. The light routing index I v of v is the number of light 
nodes on the path from r to r, including v if it is light. We label a heavy node as tzheavy and a light node 
as tzlight. Note that here we are describing the scheme for the static case where the tree does not change 
over time. However, it is easy to extend this to the dynamic case (Section |4.2| ) by initially setting up the 
data structure in exactly the same way as the static case during preprocessing. Later on the classification 
into heavy and light type remains as it was set initially and need not be updated. 


We first enumerate the nodes of T in DFS post-order manner , with the heavy nodes traversed before the 
light nodes. For each node v , we let v itself denote this number. This numbering gives the IDs of nodes (in 
the original scheme, the nodes are labelled in a pre-order manner and the light nodes are visited first). For 
ease of description, by abuse of notation, in the description and algorithm, we refer interchangeably to both 
the node itself and its ID as r. 


Note that each node has an ID that is larger than the ID of any of its descendants. Moreover, given a 
node and two of its children u and v with u < v , the IDs in the subtree rooted at u are strictly smaller 
than the IDs in the subtree rooted at v. With such a labelling, routing can be easily performed: if a node 
u receives a message for a node i?, it checks if v belongs to the interval of IDs of its descendants; if so, it 
forwards the message to its appropriate children, otherwise it forwards the message to its parent. Using the 
notion of tzlight and tzheavy nodes, one can achieve a compact scheme. The local fields for a node are given 
in Table [4j Note that each node v locally stores 0(b log n) bits. The label L(v) of v is defined as follows: an 
array with the port numbers reaching the light nodes in the path from r tor. The definition of tzlight nodes 
implies that the size of L(y) is 0(log 2 n), hence the size of the header (v, L(v)) of a packet to v is 0( log 2 n). 
The scheme TZ is described in Algorithm |4.1| 


Algorithm 4.1 The TZ scheme. Code for node v for a message sent to node w. 
operation TZ v (w, L(w)): 
l: if v = w then 

2: The message reached its destination 

3: else if w £ [d v ,v\ then 

4: Forward to the parent through port P v [0] 

5: else if w G [c v ,v] then 

6: Forward to a tzlight node through port L{w)[i v \ 

7: else 

8: Let i be the index s.t. H v [i\ is the smallest tzheavy child of v greater than or equal to w 

9: Forward to a heavy node through port P v [i\ 

10: end if 
end operation 
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V 

DFS number (post-order) 

d v 

smallest descendent of v 

(in the original scheme, this is / v , the largest descendant of v ) 

c v 

smallest descendent of first tzlight child oft’, if it exists; otherwise 
v + 1 

(in the original scheme, this is h v , the first tzheavy child of v) 

H v : array with b + 1 elements 

H v [ 0] 

H V [1,...,H V [0]} 

number of tzheavy children of v 
tzheavy children of v 

P v : array with b+ 1 elements 

Pv[ 0] 

P V [1,...,H V [0}} 

port number of the edge from v to its parent, 
port numbers from v to its tzheavy children 

i 

light routing index of v 


Table 4: Local fields of a node v: Locally, each node v stores the above information 




Figure 4: The left side shows the tree before any deletion with the path a message from 8 to 1 will follow. 
The right side shows the tree obtained after deleting 7. The nodes enclosed in the rectangle are virtual 
helper nodes replacing 7. To route a message from 8 to 1, virtual nodes perform binary search, while real 
nodes follow TZ. 


4.2 The CompactFTZ scheme 

CompactFTZ (Algorithm [T2| combines TZ with CompactFT to make TZ fault tolerant in the self-healing 
model. The initialisation phase (Algorithm |4.2| line 4.2) performed during preprocessing sets up the data 


structures for CompactFTZ in the following order: A BFS spanning tree of the network is constructed rooted 
at an arbitrary node, then a DFS labelling and TZ setup is done as in Section |4.1[ followed by CompactFT 
data structures setup using the previously generated DFS numbers as node ID s. The underlying layer is 
aware of the node ID s, DFS number ID s and node labels to be used for sending messages (as in TZ). 

Recall that, in our model, if there is no edge between u and f, and port numbers x and y of u and f, 
respectively, are not in use, then u or f can request an edge (u, v ) attached to these ports. In what follows, 
we assume that in CompactFT, when a child x of p is deleted and a child w of x creates an edge (p, w), such 
an edge will use the port of p used by (p,v) and any available port of w. 
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Algorithm 4.2 The CompactFTZ scheme. Code for node v for a message sent to node w. 

Preprocessing: Construct a BFS spanning tree of the network from an arbitrary node. Do a DFS 
labelling and TZ setup followed by CompactFT data structures setup using TZ DFS numbers as node 

IDs. 

l: v runs CompactFT at all times. 

2 : if v is a real node then 
3: Invoke TZ V (w, L(w)) 

4: else // v is a virtual helper node (= helper (v)) 

5: if v = w then 

6 : The message has reached its destination 

7: else if w £ [d v ,v] then 

8 : Forward to the parent of helper(t’) in the current virtual tree. 

9: else if w < v then 

10 : Forward to the left child of helper(^) in the current virtual tree. 

11: else 

12 : Forward to the right child of helper(t’) in the current virtual tree. 

13: end if 

14: end if 


Every node runs CompactFT at all time. For routing, a real node just follows TZ (Algorithm |4.2[ Line [3]), 
while a virtual node first checks if the packet reached its destination (Line [5]), and if not, it performs a binary 
search over the current virtual tree (Lines |7| to [l2|). As mentioned earlier, though we use the notion of light 
and heavy nodes in the initial setup and use it to compute routing tables and labels, we do not maintain this 
notion as the algorithm progresses but just use the initially assigned labels throughout. Further, following 
CompactFT, if a node x is deleted, it is replaced by RT(x). If a packet traverses RT(x), the virtual nodes 
ignore the heavy/light classification and just use the IDs to perform binary search. Figure [4] illustrates 
CompactFTZ in action. In the figure, node 8 sends a packet for node 1. If there is no deletion in the tree, 
the packet will simply follow the path via the root 9, node 7, node 3 to node 1. Recall that at each node, 
the node checks if the packet destination falls in the intervals given by its heavy node, otherwise, it uses the 
light routing index to pick the correct port to forward the message from the label of the destination node 
given in the message. However, if node 7 is deleted by the adversary, using CompactFT, the children of 7 
construct RT(7) (recall this is also done in a compact manner). Since node 9 has helper node helper(6) at 
the port where it had node 7 earlier, the packet gets forwarded to node helper(6). Since 1 is less than 6, the 
packet traverses the left side of RT(7) and eventually reaches node 3. Node 3 applies the TZ routing rules 
as before and the packet reaches node 1. 


We use the following notation: Let T t be the CompactFTZ tree after t deletions. For a vertex v, let T t (v) 
denote the subtree of T t rooted at v. The set with the children of v in T t is denoted as childrenfiv) , while 
parent t (v ) is the parent of v in T t . The set of IDs in T t (v) is denoted as ID(T t (v)). If v has two children, 
left t (v) ( right t (v )) denotes the left (right) child of v, and L t (v) denote the left (right) subtree of v. 

Given two nodes u and v, we write u < ID(T t (v)) if ID (it) is smaller than any ID in ID(T t (v)), and similarly, 
we write ID (T t (u)) < ID (T t (v)) if every ID in ID(T t (u)) is smaller than any ID in ID(T t (v)). The definitions 
naturally extends to >, < and >. 


Theorem [L2] states the routing properties of CompactFTZ. Lemma 4.1 is the key to proving Theorem |4.2| 
(proofs deferred to Section^. Lemma 4.1 basically states that, after any sequence of deletions and subsequent 
self-healing, real nodes maintain the TZ properties and the helper nodes (i.e. the RTs) the BST properties, 
allowing routing to always function. 


Lemma 4.1. At every time t, the CompactFTZ tree T t satisfies the following two statements: 

1. For every real node v G T t , for every c G childrenfiv), v > ID(T t (c)), and for every c,d G children t (v) 
with c < d, ID{T t {c)) < ID(T t (d)). 
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2. For every virtual node helper(u) E T t , v > ID(L t (v)) and v < ID(R t (v)). 


Theorem 4.2. For every T t , for every two real nodes u,w E T t , CompactFTZ successfully delivers a message 
from u to w through a path in T t of size at most 5{u , w ) + y{ log A — 1), where 5{u , w) is the distance between 
u and w in T 0 and y < t is the number of non-leaf nodes deleted to get T t . 


Lemma 4.3 states the memory usage of CompactFTZ leading to the final correctness theorem (Theo¬ 


rem 


4.4). 


Lemma 4.3. CompactFTZ uses only 0(log 2 n ) memory per node to route a packet. 


Proof. CompactFT uses only O(logn) local memory (Theorem |3.1| ). The local fields of a node for routing 
have at most a constant number ( Ofb )) fields which are node references (logn) size, thus, using O(logn) 
memory. The label of a node (which is the ’address’ on a packet) is, however, of 0(log 2 n ) size (since there 
can be O(logn) light nodes on a source-target path) and therefore, a node needs 0(log 2 n) bits to process 
such a packet. □ 


Ignoring congestion issues, Lemma |4.3| implies that a node can store and route unto x packets using 
x. log 2 n local memory. 

Theorem 4.4. CompactFTZ is a self-healing compact routing scheme. 


Proof. The theorem follows directly from Lemma 4.3, Theorems 4.2 and 3.1 


□ 


4.3 Reporting Non-delivery (deleted receivers and sources) 

Contrary to what happens in static schemes such as Thorup-Zwick [45], we now have the issue that a node 
might want to send a packet to a node that has been deleted in hence we need a mechanism to report 
that a packet could not be delivered. To achieve that, the header of a packet now is defined as follows: 
when a node s wants to send a packet to £, it sends it with the header ((t,L(t) • (s,L(s)). When running 
CompactFTZ, each node considers only the first pair. 

When a node v receives a message M with a header containing two pairs, it proceeds as follows to detect 
an error i.e. a non-deliverable. The following conditions suggest to v that the receiver t has been deleted 
and the packet is non-deliverable: 

1. If v is a leaf (real node) and v ^ t: This is a dead end since the packet cannot traverse further. This 
implies that t must have been in the subtree of v but the subtree of v is now empty. 

2 . Ifv is a non-leaf node but there is no node at the port it should forward to: Similar to above, it indicates 
that u’s subtree involving t is empty. 

3. If u sent the packet to v but according to the routing rules, v should send the packet back to u: This 
happens when v is a helper node which is part of RT(t) or RT(x) where x was not on the path s — t 
in To. Node v will receive the message either on the way up (towards the root) or way down (from the 
root). In either case, if v is part of RT(£), due to the dfs numbering, it would have to return M to 
u. Another possibility is that due to a number of deletions RT(£) has disappeared but then x would 
either be an ascendent (if M is on the way up) or x would be a descendent of t (if M is on the way 
down). Either way, the DFS numbering would indicate to v that it has to return the message to u. 

If a target deletion has been detected due to the above rules, v removes the first pair of the header and 
sends back M to the node it got M from (with the header now only having (s, L(s)). When a node v receives a 
message M with a header containing only one pair, it proceeds as before and applies the same rules discussed 
previously. This time, a non-delivery condition however implies that the source has been removed too, and, 
therefore M can be discarded from the system. This ensures that ‘zombie’ or undeliverable messages do not 
clog the system. 
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4.3.1 About stretch 


The stretch of a routing scheme A , denoted A (A,G), is the minimum A such that r(s,t) < A dist(sR) for 
every pair of nodes s,£, where dist(sR) is the distance between s and t in the graph G and r(s,£) is the 
length of the path in G the scheme uses for routing a message from s to t. 

The stretch A(CompactFTZ, T 0 ) is 1: for any pair of nodes, TZ routes a message through the unique 
path in the tree between them. Similarly, the stretch A(CompactFTZ, T t ) is 1: each node that is deleted 
is replaced with a binary tree structure R , and the nodes in it perform a binary search, hence a message 
passing through R follows the shortest path from the root to a leaf, or vice versa. 

However, the stretch of CompactFTZ is different when we consider Gt. First note that the stretch 
A(CompactFTZ, Go) might be of order @(n) since a spanning tree of a graph may blow up the distances 
by that much. Since A(CompactFTZ, To) = 1, it follows that 5t{u,w) < A(CompactFTZ, Go) • Sg{u,w), 
where 5t{u,w) is the distance between u and w in To and 5q{u,w) is the distance between u and w in 
Go- Theorem |4.2| states that, for routing a message from u to re, CompactFTZ uses a path in T t of size 
at most St{u,w) + y (log A — 1), where y < t is the number of non-leaf nodes deleted to get T t . The 
y (log A — 1) additive factor in the expression is because each deleted non-leaf node is replaced with a binary 
tree, whose height is 0(log A). In the worst case, that happens for all y binary trees for a given message, 
which implies that A(CompactFTZ, G t ) < y {log A — 1) • A(CompactFTZ, Go) i.e. A(CompactFTZ, G t ) < 
y(\og A — 1) • A(CompactFTZ, Go) (since CompactFTZ only uses the tree for routing). 


5 CompactFT - Detailed Algorithms and Proofs 


Algorithm 5.1 CompactFT (Graph G): Main function 
l: Preprocessing and INIT: A rooted BFS spanning tree T(V,E') of G(V,E) is computed. For every node 
v, its Will (non-leaf or leaf as appropriate) is computed. Every node x in a Will is labeled as (x, < x >) 
where x is x’s ID and < x > is x’s port number at which x is connected to its parent (if any). Each 
node only has a Willportion and/or LeafWillportions (constant sized (in number of node ID s) portion 
of parent’s will or sibling’s will respectively). 

Port number 0 is reserved for u’s parent in T. The children of v are attached at ports 1 to numchildren(u), 
where numchildren(u) is also the number of u’s children in T. 

2 : while true do 
3: if a vertex x is deleted then 

4: if numchildren(x) > 0 then 

5: FixNonLeafDeletion(x) 

6: else 

7: FixLeafDeletion(x) 

8 : end if 

9: end if 

10: end while 


Lemma 5.1. In CompactFT, a real node simulates at most one helper node at a time. 

Proof. This follows from the construction of the algorithm. If deleted node x was a non-leaf node, it is 
substituted by RT(x) (Figure [l]). RT(x) is like a balanced binary tree such that the leaves are the real 
children of x and each internal node is a virtual helper node. Also, there are exactly the same number of 
internal nodes as leaf nodes and each leaf node simulates exactly one helper node. This is the only time in 
the algorithm that a helper node is created. At other times, such as during leaf deletion or as a heir, a node 
may simulate a different node but this only happens if the node relinquishes its previous helper node. Thus, 
a real node simulates at most one helper node at any time. □ 
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Algorithm 5.2 FixNonLeafDeletion(x): Self-healing on deletion of internal node 
1: while true do 

2: for child v of x (if they exist) do 

3: Execute the Will of x using the O(logn) sized Willportion(d, v). // i.e. make the connections given 

by Willportion(x, v) 

4: end for 

5: for parent t of x (if it exists) do 

6: t will be contacted by heir of x, say h to open a new connection to h at port of deleted node, port 

< x >. 

7: t will be informed by h that the ID of the deleted node was d 

8 : Send BrNodeReplace((x, < x >), (ft, < x >)) message to every neighbour. 

9: end for 

10: if node v receives message BrNodeReplace((x, < x >), (ft, < x >)) from parent p then 

ll: v changes every occurrence of node x to node h in its Willportion(x, v). 

12: end if 

13: end while 


Algorithm 5.3 FixLeafDeletion(x): Self-healing on deletion of leaf node 
l: Let p = Parent (x) 

2 : if p is a real node then // p has not been deleted yet 

3: p broadcasts BrLeafLost(< x >). // p does not know ID of d, only the port number < d > 

4: if node v receives a BrLeafLost(< x >) message then 

5: ^UpdateLeafWillPortion(p, < x >)// Use < x >’s LeafWill to update p’s will by updating 

Willportions using broadcast(Br* messages) and/or point-to-point (Pt* messages) 

6: end if 

7: else // The real parent of x was already deleted earlier 

8: if node v is < x >’s LeafHeir then // Note: Nodes v and d were neighbours 

9: Execute < x >’s LeafWill //A LeafWill has a Bypass and/or a node takeover action 

10: end if 

ll: if node x was < v >’s LeafHeir then / / Note: Nodes v and d were neighbours 

12: if Parent(v) = helper(v ) then // f’s helper node is real f’s parent 

13: v designates the other child (i.e. not v) of Parent(v) as < v >’s LeafHeir // Each node in the 

RThas two children. 

14: else 

15: v designates Parent(v) as new LeafHeir 

16: end if 

17: v sends LeafWill(f) to LeafHeir(f) 

18: end if 

19: end if 


Lemma 5.2. The CompactFT increases the degree of any vertex by at most 3. 


Proof. Since the degree of any node in a binary tree is at most 3, this lemma follows from Lemma 5.1 □ 


Lemma 5.3. The CompactFT ’s diameter is bounded by 0(D log A), where D is the diameter and A the 
highest degree of a node in the original graph (Go)- 


Proof. This also follows from the construction of the algorithm. The initial spanning tree To is a BFS 
spanning tree of Go; thus, the diameter of Tq may be at most 2 times that of Go- Consider the deletion of a 
non-leaf node x of degree d. x is replaced by RT(x) (Figure [l]). Since RT(x) is a balanced binary tree (with 
an additional node), the largest distance in this tree is logd. Two RTs never merge, thus, this RT cannot 
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Algorithm 5.4 UpdateLeafWillPortion(j9, < x >): Node v updates Leaf Wills by ‘simulation’. The 
identity of any node a is available as (a, < a >) in the wills, 
l: if Node v is x’s LeafHeir then // Simulate execution of Ps LeafWill 
2: Let x' be the parent of helper(x) in Will(p) 

3: if helper(u) is parent of Real(x) in Will(p) then // Case 1: helper(x) was not the parent of Real(x) 

in Will(p) 

4: for Will(p) do 

5: Let w be other child (i.e. not x) of v. 

6: Let u be the parent of helper(u). 

7: Let l' be the left child of helper(x) 

8 : Let r' be the right child of helper(x) // NULL if x was an heir. 

9: end for 

10: p.PtWillConnection((Real(u;), < w >), (iq < u >)) // Simulate Bypass(< x >) 

ll: p.PtWillConnection((helper (v), < v >), (V, < x' >)) // v sends messages through parent p 

12: p.PtWillConnection((helper(u), < v >), (/', < l' >)) 

13: p.PtWillConnection((helper (v), < v >), (r', < r' >)) 

14: else 

15: p.PtWillConnection((helper(u), < v >), (a/, < x' >)) // Case 2: helper(x) was the parent of Real(x); 

Only Bypass (x) required. 

16: end if 

17: else if node x was < v >’s LeafHeir then 
18: if Parent(u) = helper(u) in Will(p) then 

19: v designates the other child (i.e. not v ) of Parent (v) as < v >’s LeafHeir. 

20: else 

21: v designates Parent (v) as new LeafHeir 

22: end if 

23: p.PtNewLeafWill((u, < v >), (LeafHeir(u), < LeafHeir(u) >), LeafWill(v)) // v sends LeafWill(u) to 

LeafHeir (u). 

24: end if 


grow. A leaf deletion can only reduce the number of nodes in a RT reducing distances. Consider a path 
which defined the diameter D in Go. In the worst case, every non-leaf node on this path was deleted and 
replaced by a RT. Thus, this path can be of length at most 0(D log A) where A is the maximum possible 
value of d. □ 

Lemma 5.4. In CompactFT, a node may be LeafHeir for at most two leaf nodes. 

Proof. For contradiction, consider a node y that is LeafHeir( r), LeafHeir( u) and LeafHeir(u;) for three leaf 
nodes iq v and w all of whose parent is node p. From the construction of the algorithm, u’s LeafHeir can 
either be the parent of Real(u) or a child of helper(u) in RT (p). If node y is Real, it cannot have a child in 
RT(p), therefore it can be LeafHeir for only one of rq v or w (by the first rule). However, if y is a helper 
node, the following case may apply: y is the parent of both Real(ix) and Real(u) and child of helper(re) 
(wlog): However, since the RT is a balanced binary search tree ordered on the ID s of the leaf children (the 
Real nodes), one of y' s children (the left child) must be Realty). Therefore, helper (y) can be LeafHeir for 
either u or q and w. □ 

Lemma 5.5. Compact FT requires only O(logn) memory per node. 

Proof. Here, we analyse the memory requirements of a real node v in CompactFT. As mentioned before, v 
does not store the list of its neighbours or its RT (these can be of 0(n ) size). However, v uses the O(logn) 
sized fields numchildren and maxportnumber to keep track of the number of children it presently has and 
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the maximum port number it uses. CompactFT uses the property that the initial port assignment does not 
change. If v is a non-leaf node, it does not store any piece of Will(t’) that is distributed among v’s children. 
If v is a leaf node, it has only a O(logn) sized will (LeafWill(t’)), which it stores with its LeafHeir (though 
v can also store the LeafWill(r’)). Let p be the parent of v. If p is Real, Node v will store Willportion(p, v), 

i.e., the portion of Will(p) (i.e., RT(p)) in which v is involved. From Lemma 5.1, there can only be two 
occurrences of v (one as Real and one as helper). Since RT(p) is a binary tree, helper(^) can have at most 3 
neighbours and Real(v) at most 1 (as real nodes are leaves in a RT). Therefore, the total number of IDs in 
LeafWillportion(p, v) cannot exceed 6 and its size is O(logn). By the same logic, if v hosts a helper node, 
by Lemma [5T| it only requires O(logn) memory, v may also have LeafWills for its siblings. By Lemma 5.4 
Real(t’) and helper(?;) may store at most 2 of these wills each; this takes only O(logn) storage. Every node 
in a Will is identified by both its ID and port number. However, this only doubles the memory requirement. 
Finally, all the messages exchanged (Table |3| are of O(logn) size. □ 


Theorem |3.1[ The CompactFT has the following properties: 


1. CompactFT increases the degree of any vertex by only 3. 

2. CompactFT always has diameter bounded by 0(D log A), where D is the diameter and A the maximum 
degree of the initial graph. 

3. Each node in CompactFT uses only O(logn) local memory for the algorithm. 

4- The latency per deletion is 0(1) and the number of messages sent per node per deletion is 0(A); each 
message contains 0(1) node IDs and thus O(logn) bits. 


Proof. Part [l] follows from Lemma |5.2| and Part [2] from Lemma |5.3| Part [3] follows from Lemma |5.5| Part [4] 
follows from the construction of the algorithm. Since the virtual helper nodes have degree at most 3, healing 
one deletion results in at most 0(1) changes to the edges in each affected reconstruction tree. As argued 
in Lemma 5.5, both the memory and any messages thus constructed are O(logn) bits. Any message is 


required to be sent only 0(1) hops away. Moreover, all changes can be made in parallel. Only the broadcast 
messages, Hr* messages, are broadcasted by a Real node to all its neighbours and thus 0(A) messages (sent 
in parallel) may be used. □ 


6 CompactFTZ - Proofs 

Lemma |4.1f At every time t, the CompactFTZ tree T t satisfies the following two statements: 

1. For every real node v eT t , for every c G children t (v), v > ID(T t (d)), and for every c,d G children t (v) 
with c < d, ID(T t (c)) < ID(T t (d)). 

2. For every virtual node v' G T t , v > ID(L t (v)) and v < ID(R t (v)). 


Proof. We proceed by induction on t. For t = 0, To satisfies property (1) because its the properties of initial 
DFS labelling, while property (2) is satisfied since there are no virtual nodes in T 0 . 

Suppose that T t satisfies (1) and (2). Let v G T t the node deleted to obtain Tt+ 1- We show Tt+i satisfies 
(1) and (2), we only need to check the nodes that are affected when getting Tt+ 1 . We identify two cases: 

1. v is not a leaf in T t . Let ci,..., be the children of v in T t in ascending order. Each c* might be real 
or virtual, and if it is virtual then it is denoted c[ and is simulated by a real node real(c[). Let RT(v) 
be the reconstruction tree obtained from the children of v, as explained in Section [3j By construction, 
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we have that (virtual) d x , the child of v with the largest ID, is the root of RT(v ) and it has no right 
subtree. Moreover, d x _ 1 is the left child of c' x . We now see what happens in Tt+ 1. We first analyze the 
case of the parent of v and then the case of the children. 

If z = parent t (v) is a real node, then z and d x create an edge between them, and hence RT(v ) is a 
subtree of 2 in Tt+i (see Figures [5] top-left and top-right where the node 9 is deleted). By induction 
hypothesis, the lemma holds for v in T t and RT(v ) contains only the children of u, hence the lemma 
still holds for z in Now, if z f = parent t {v) is a virtual node, then it must be that there is a 

virtual node d in T t that is an ancestor of v (this happens because at some point the parent of v in 
T = To was deleted, hence v created a virtual node d\ see Figure [ 5 ] bottom-left where the parent of 
8 is virtual). For now, suppose c x is a real node (below we deal with the other case). In Tt+ 1 , 4 
replaces n', and z’ and d x _ x create an edge between them, hence in the end leftt+i(d x ) = left t (d ), 
right t +i(d x ) = righted) and z f = parent t +i(d x _ 1 ) (see Figure [ 5 ] bottom-right where 7’ replaces 8’). 
In other words, the root d x of RT(v ) takes over d and the left subtree of c' x in RT(v) (whose root 
is d x _ l ) is connected to z’. We argue that the lemma holds for c x and z' in Tt+ 1 . The case of z' is 
simple: by induction hypothesis, the lemma holds for z' and v in Tt, and RT(v ) is made of the children 
of v in T t . The case of d x is a bit more tricky. First, since the lemma holds for d in T t , then it must 
be that v G L t (d) and c x < ID(R t (v')). Also, we have that v < d x , hence d x > ID(L t +i(c x )) and 
4 < ID(R t+1 (c' x )). 

Now, let’s see what happens with a child q. If q is a real node, then virtual c[ (which belongs to 
RT(v )) is an ancestor of c* in Tt+ 1 . The lemma holds for q because the subtrees of q in T t and Tt+i 
are the same. Similarly, the lemma holds for c[ because RT(v) is a binary search tree and the lemma 
holds for each child of v in T t , by induction hypothesis. 

Consider now the case c* is a virtual node, hence denoted c[. In this case, in T t , (real) q is a descendant 
of c'. We have that d i appears in RT(v ) two times, and both of them as a virtual node, one as a leaf 
and the other as an internal node (see Figure [ 5 ] top-right where 11 is deleted to get the tree at the 
bottom-left; 8' is virtual, is a child of 11 and appears two times as virtual node in RT(11)). Let d { 
denote the virtual leaf (this node also belongs to T t ) and d( denote the internal virtual node. So, by 
replacing v with RT(v ), it would not be true any more that every real node simulates at most one 
virtual nodes, since c* would be simulating d i and d(. To solve this situation, v! = /e/£t(c-) replaces c-, 
and d i replaces d( (in this case d i always has only one child in T tj v !, which is left). In other words, in 
R[v\ d i is moved up to the position of d( and u' is moved up to the position of d i (see Figure [^bottom- 
left). Thus, L t +i(u') = L t (u' ) and R t +i(u') = R t (u'). The lemma holds for u' because it was moved 
up one step and the lemma holds for it in T t , by induction hypothesis. To prove that the lemma holds 
for c-, let us consider RT(v) and c-, d( in it. By construction, we have that d i > ID(L(c‘,RT(v ))) and 
d i < ID(R(c",RT(v))). Also, since the lemma holds for each child of v in T tl for each child Cj 7 ^ d i of 
v in Tj, if Cj < c', it must be that d i > ID(T t (cj )), otherwise d i < ID(T t (cj)). These two observation 
imply that d { > ID(L t + i(cQ) and c[ < ID(R t j-i(d i )). This completes the case. 

2. v is a leaf in T t . First consider the subcase when the parent t (v) is a real node. We have that T *+1 is 
T t minus the leaf u, hence the lemma holds for Tt+ 1 , by induction hypothesis. 

Now, if u' = parent t (v) is a virtual node then in T t , there is a virtual node u', which is an ancestor of 
v (this happens because at some point the paren of v in To = T was deleted, hence v created a virtual 
node). In T t , there is descending path from d to u, that passes through virtual nodes until reaches v. 
Let us denote this path P = v\ u ' 1} ..., u' x , v, for some x > 0. We have the following three subcases. 

If x = 0, then d is the parent of v, and actually left t (v') = v , by the induction hypothesis. Thus, d 
and v are just removed, and Rt(d) replaces d in Tt+i, namely, parent t (v') is connected the root of 
Rt(d). It is easy to check that the lemma holds for Tt+ 1- 

If x = 1 then u[ replaces d and Lt + i(^ / 1 ) = L t (u [) and R t -\-i(u f 1 ) = R t (v'). Namely, v and d are 
removed and u[ is moved up one step. Again, it is not hard to see that the lemma holds for Tt+ 1 . 
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The last subcase is x > 1. In T t+ i, u x replaces v' and i?t+i('U^_i) = L t (u x ). Clearly, the lemma 
holds for u x _ 1 because u x _ 1 < ID(L t (u x )), by induction hypothesis. To prove that the lemma holds 
for v! x , we observe the following about the path P = u', ..., u x , v, x > 1 (e.g., the path from 

7’ to 7 in Figure [5] bottom-right). The lemma holds for T t , hence v G L t (v') : which implies that 
u[ = left^v '), and actually u[ < v' = u, for each v^. Also observe that the induction hypothesis 
implies that v G Rt(ui ), for each u[. Therefore, we have that u x > IDffTt^u'fj), 1 < i < x — 1, which 
implies that u x > ID(L t +i(u' x )). Also, since u x G L t (v'), it must be that u x < ID(R t (v ')), hence 
< < TD(i?t + i(r4))- The induction step follows. 


□ 

Theorem \4.2\ For every T t , for every two real nodes u,w G T t , CompactFTZ successfully delivers a 
message from u to w through a path in T t of size at most S(u , w) +y( log A — 1), where S(u , w) is the distance 
between u and w in Tq and y < t is the number of non-leaf nodes deleted to get T t . 


Proof. The claim holds for t = 0 (static case, analogous to [25]). For t > 0, suppose a message M from u to 
w in T t , reaches a real node x (possibly x = u). Note that x is oblivious to the t- th node deletion, namely, 
it does not change its routing tables in the healing-process, hence it makes the same decision as in T t -\. 
Let ffportnumber be the port through which x sends M in T t , and let v be the vertex that is connected 
to x through port # portnumber in T t - 1 . Lemma 4.1 (1) implies that if w is ancestor (descendant) of x in 
T t _ 1 , then it is ancestor (descendant) of x in T t . Moreover, the path in T t from x to w passes through port 
if portnumber. If v is not the t-th vertex deleted, then, v is in T^, and it gets M from x, which implies that 
M gets closer to w. Otherwise, v is the t- th vertex deleted. In this case, in T t , a virtual node y' is connected 
to x through port ffportnumber , thus, y' gets M from x. By Lemma 4.1 (2), y' necessarily sends M to a 
virtual or real node that is closer to w. Thus, we conclude that M reaches w. 


For the length of the path, note that after t deletions, from which y are non-leafs, at most y nodes in the 
path from u to w in Tq are replaced in T t with y binary trees of depth O(logA) each of them. Then, the 
length of the path from u to w in T t is at most 5{u , w) + y{ log A) — y = 5{u , w) + y{ log A — 1), in case the 
path has to pass through all these trees from the root to a leaf, or vice versa. □ 


7 Extensions and Conclusion 

This paper presented, to our knowledge, the first compact self-healing algorithm and also the first self-healing 
compact routing scheme. We have not considered the memory costs involved in the preprocessing but we 
believe that it should be possible to set up the data structures in a distributed compact manner: this needs 
to be investigated. The current paper focuses only on node deletions,. Can we devise a self-healing compact 
routing scheme working in a fully dynamic scenario with both (node and edge) insertions and deletions? The 
challenges reside in dealing with the expanding out-degree efficiently. 

The current paper allows to add additional links to nearby nodes in an overlay manner. What should 
the model be of losing links without losing nodes? How will it affect the algorithms appearing in this paper? 
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